a6828be17bdc5719408cfa0702651de5a5cbf5434730cc84b9097964fb2fd890

Sharing

Copy URL Twitter E-mail

General

Target

a6828be17bdc5719408cfa0702651de5a5cbf5434730cc84b9097964fb2fd890
Size

261KB
MD5

5d3118e90636345cfc3e2f46bfa8efd0
SHA1

962ac433e340a91a4feab17e67083af99bb60efb
SHA256

a6828be17bdc5719408cfa0702651de5a5cbf5434730cc84b9097964fb2fd890
SHA512

79c4c32cdafca2cbe8a703cbd646a798c00a30dcf5de80bea05fab51e43ca1e0c6f0fa36d629c4734918525ac4fe94c342addd2208d8cfb4de4c40aab32fa338
SSDEEP

6144:wjNqSPrYGLd7tUsQCParRLBu3FhXHid57DlHMvi7T:ENBDrJ71bycGd57hsc

Score

N/A

Malware Config

Signatures

Files

a6828be17bdc5719408cfa0702651de5a5cbf5434730cc84b9097964fb2fd890
.exe windows x86

5716236b7dd5d1ed1167bc39910c26a1

Code Sign

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

10/05/2013, 23:59

Subject

CN=SuperAdBlocker.com,OU=SECURE APPLICATION DEVELOPMENT,O=SuperAdBlocker.com,L=Eugene,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:74:6f:28:d5:86:ae:34:90:63:47:2c:ca:40:11:b9:33:8a:56:79
Signer

Actual PE Digest

0b:74:6f:28:d5:86:ae:34:90:63:47:2c:ca:40:11:b9:33:8a:56:79

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SuperAdBlocker.com,OU=SECURE APPLICATION DEVELOPMENT,O=SuperAdBlocker.com,L=Eugene,ST=Oregon,C=US

17/11/2022, 13:30
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
lstrcat
FileTimeToLocalFileTime
FileTimeToDosDateTime
FindResourceA
GetShortPathNameW
GetNumberFormatA
GetEnvironmentVariableA
GetCPInfo
lstrcmpi
CopyFileExW
OpenMutexW
GetHandleInformation
GetLogicalDriveStringsA
GetSystemInfo
CreatePipe
CopyFileExA
GetExitCodeProcess
IsDebuggerPresent
CreateEventA
GetFileAttributesA
GetModuleFileNameW
GetNumberFormatW
lstrlenW
BeginUpdateResourceW
GlobalAlloc
LocalFree
OpenMutexA
GetFileAttributesW
GetSystemDirectoryW
EnumTimeFormatsA
GetUserDefaultLCID
GetProcessHeaps
GetAtomNameA
FindAtomW
ConnectNamedPipe
GetCurrentThreadId
ReadDirectoryChangesW
BeginUpdateResourceA
SetUnhandledExceptionFilter
HeapCreate
GetCurrentThread
CreateDirectoryW
EnumCalendarInfoW
CreateMailslotA
WaitForSingleObject
GetSystemDirectoryA
AddAtomA
GetTempPathA
lstrcatA
GetSystemDefaultLCID
LoadLibraryA
OpenWaitableTimerW
GetACP
OpenWaitableTimerA
GetProcessHeap
GetStringTypeW
SetEvent
GlobalDeleteAtom
GetDiskFreeSpaceA
CreateEventW
GetVolumeInformationW
GetUserDefaultLangID
GetLogicalDriveStringsW
SetCurrentDirectoryA
GetTempPathW
GetModuleHandleA
GetLocalTime
CreateMailslotW
OpenFile
DisconnectNamedPipe
SetComputerNameA
SystemTimeToFileTime
ReplaceFileW
CreateSemaphoreA
IsValidLocale
CreateMutexA
lstrcpyA
Beep
OpenEventW
GetSystemTime
GetProcAddress
WinExec
DeleteAtom
GetStringTypeA
CreateSemaphoreW
TlsAlloc
GetModuleFileNameA
FatalAppExitA
GetThreadLocale
GetDateFormatA
GetTempFileNameW
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoA
GetDiskFreeSpaceW
GetLogicalDrives
SearchPathW
GetEnvironmentVariableW
FindAtomA
GetLongPathNameA
GetVolumeInformationA
IsBadWritePtr
lstrlen
CreateNamedPipeA
ReplaceFileA
FreeLibrary
OpenSemaphoreA
OpenEventA
ExpandEnvironmentStringsW
CreateNamedPipeW

user32

GetSysColor
GetKeyState
SetMenu
DestroyMenu
CreateDesktopW
MonitorFromRect
CharNextA
ShowWindow
CreateDialogParamA
PostQuitMessage
DestroyIcon
LoadMenuIndirectA
IsWindow
TrackPopupMenu
GetIconInfo
CharPrevA
LoadIconW
LoadImageW
InsertMenuItemA
keybd_event
InvalidateRgn
EnumClipboardFormats
MessageBoxIndirectW
UnregisterClassW
DefWindowProcA
SetWindowTextW
FindWindowW
SetTimer
GetMessageA
GetMenuItemInfoA
CreateWindowExW
CharUpperA
InsertMenuA
RegisterWindowMessageW
CharLowerW
GetForegroundWindow
ShowCursor
GetMessageW
CharLowerA
WinHelpW
FindWindowA
GetMenuItemID
GetMenu
GetCapture
WaitMessage
CreateDesktopA
SendDlgItemMessageA
OpenClipboard
GetFocus
CreateAcceleratorTableW
GetKeyboardType
MessageBoxA
GetMenuStringW
SetCursorPos
PostMessageA
MessageBeep
EndMenu
CreateAcceleratorTableA
GetMenuItemInfoW
wsprintfA
SendDlgItemMessageW
GetClassInfoA
LoadCursorW
LoadMenuA
CreateDialogIndirectParamW
SetDlgItemTextW
IsMenu
GetClassInfoW
GetMenuState
SendMessageW
DialogBoxIndirectParamA
MessageBoxIndirectA
MonitorFromWindow
IsIconic
wsprintfW
GetAsyncKeyState
GetMenuItemCount
GetActiveWindow
CharUpperW
SetWindowLongW
GetSysColorBrush
RegisterWindowMessageA
IsChild
GetMenuInfo
GetDlgItemTextA
SetWindowTextA
LoadBitmapA
DialogBoxParamW
AdjustWindowRect
GetDCEx
GetCursorPos
EndDialog
SetFocus
GetMenuStringA
EmptyClipboard
GetWindowRgn
RegisterClassW
EnumWindows
GetTopWindow
AppendMenuW
GetClassInfoExA
mouse_event
GetScrollPos
EnableMenuItem
MoveWindow
GetSubMenu
PeekMessageA
CharPrevW
SetCursor
LoadIconA
CreateDialogIndirectParamA
CopyIcon
MonitorFromPoint
CopyRect
RegisterClassA
GetDlgItemInt
OffsetRect
LoadMenuIndirectW
DefWindowProcW
GetCaretPos
GetCapture
CheckMenuItem
SetWindowRgn
wvsprintfW
InvalidateRect
SetWindowPos

gdi32

CreateScalableFontResourceA
CreateColorSpaceA
CreateDIBPatternBrushPt
GetRasterizerCaps
CreateMetaFileW
GetEnhMetaFileA
CreateBitmapIndirect
GetMetaFileA
CreatePalette
CreateICW
CreateFontA
GetTextExtentPointW
RemoveFontResourceExA
CreateSolidBrush
CreateFontIndirectExA
ExtCreateRegion
CreateRectRgn
CreateEllipticRgn
CreateDIBPatternBrush
SelectBrushLocal
CreatePolygonRgn
RemoveFontResourceExW

advapi32

RegCreateKeyExA
SystemFunction016
LsaAddPrivilegesToAccount
SetNamedSecurityInfoA
QueryServiceStatusEx
RegUnLoadKeyA
ImpersonateAnonymousToken
SaferSetLevelInformation
CloseCodeAuthzLevel
CryptGetDefaultProviderW

shell32

StrCmpNW

shlwapi

PathRenameExtensionW
PathIsSameRootW
PathCombineW
StrCmpNIW
UrlIsNoHistoryA
SHCreateShellPalette
PathQuoteSpacesW
StrDupW
PathParseIconLocationA
SHRegGetBoolUSValueA
StrFormatByteSizeW
PathUnquoteSpacesW

comdlg32

GetSaveFileNameW
GetFileTitleW
PrintDlgExW
GetFileTitleA
FindTextW
PrintDlgA
PageSetupDlgW
PageSetupDlgA
PrintDlgW

oleaut32

VarCmp
VarBoolFromI8

winmm

auxGetVolume
joyGetThreshold
joyGetPos
mixerGetDevCapsW
mciSendStringW
waveInGetDevCapsW
mmioSendMessage
auxGetDevCapsA
waveInGetNumDevs
mid32Message
waveInReset

rasmontr

RutlFree
RutlDwordDup

wsock32

inet_ntoa
ioctlsocket
GetNameByTypeW
WSAAsyncGetServByName
dn_expand
WSAAsyncGetProtoByNumber
WSASetLastError
WSAGetLastError
closesocket
AcceptEx
rexec
WSAAsyncGetHostByName
connect
WSAAsyncGetProtoByName
WSARecvEx
WSApSetPostRoutine
__WSAFDIsSet
ntohs

crypt32

CertGetStoreProperty
I_CryptReleaseLruEntry
I_CryptGetTls
CertCompareIntegerBlob
CryptMsgControl
CertVerifyCRLTimeValidity
CertCreateCertificateContext
CertGetIntendedKeyUsage
I_CryptWalkAllLruCacheEntries
CryptMsgDuplicate
CryptGetOIDFunctionValue
CryptSIPAddProvider
CryptSIPRetrieveSubjectGuid
RegQueryInfoKeyU
CertComparePublicKeyInfo
CertAddEnhancedKeyUsageIdentifier
CryptBinaryToStringW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5716236b7dd5d1ed1167bc39910c26a1

Code Sign

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0b:74:6f:28:d5:86:ae:34:90:63:47:2c:ca:40:11:b9:33:8a:56:79Signer

Signature Validations

Verification

17/11/2022, 13:30 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comdlg32

oleaut32

winmm

rasmontr

wsock32

crypt32

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 107KB - Virtual size: 106KB

.rdata Size: 9KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 67KB

.edata Size: 108KB - Virtual size: 108KB

.edata Size: 4KB - Virtual size: 38KB

.rsrc Size: 8KB - Virtual size: 7KB

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0b:74:6f:28:d5:86:ae:34:90:63:47:2c:ca:40:11:b9:33:8a:56:79
Signer

17/11/2022, 13:30
Valid: false

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 107KB - Virtual size: 106KB

.rdata
Size: 9KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 67KB

.edata
Size: 108KB - Virtual size: 108KB

.edata
Size: 4KB - Virtual size: 38KB

.rsrc
Size: 8KB - Virtual size: 7KB